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ABSTRACT 
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This  document  defines  the  Boeing-Vertol  Division  Reliability 
Program  Plan  (RPP)  for  the  Externally  Mounted,  Automatically 
Expelled/Inflated,  Multiplace  Life  Raft  For  Helicopters 
(Automated  Life  Raft)  (ALR)  Program.  The  RPP  defines  the 
approach/tasks/methods  for  identifying  and  controlling 
potential  systera/component  failures  and  their  consequences. 
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1.  INTRODUCTION 

This  document  establishes  the  Contractors  Reliability  Program 
Plan,  prepared  in  accordance  with  NACD  Contract  N62269-76-C-0341. 
The  purpose  of  the  Reliability  Program  is  to  identify  and 
control  potential  system  and  component  failures  and  their  con- 
sequences. This  includes  the  design  and  initial  testing  of 
flight  quality  components  to  obtain  realistic  weight,  cost 
and  relative  risk  assessments;  and  to  demonstrate  the  cost  and 
technical  characteristics,  including  reliability,  are  suffi- 
ciently predictable  to  provide  for  subsequent  conduct  of 
efficient,  effective  engineering  development  of  an  operational 
system. 

In  this  plan  special  emphasis  will  be  placed  on  the  relative 
tradeoffs  between  maintenance,  mission,  and  flight  safety 
reliability  in  order  to  optimize  the  relationship  between 
mission  effectiveness  and  life  cycle  costs. 

2.  SCOPE 

This  plan  specifically  covers  the  reliability  engineering  effort 
required  for  the  design,  fabrication,  demonstration  and  test 
of  the  Externally  Mounted,  Automatically  Expel led/ Inf la ted 
Multiplace  Life  Raft  For  Helicopters. 

The  Reliability  Program  shall  follow  the  guidelines  of  MIL-STD 
785A,  as  described  in  this  plan,  and  be  directed  toward  the 
accomplishment  of  the  following  tasks: 

a.  Establish  detailed  reliability  design  criteria. 

b.  Review  and  evaluate  designs  for  achievement  of  criteria. 

c.  Monitor  tests  and  evaluate  data  obtained  to  update 
criteria  and  objectives  and  ensure  that  adequate 
controls  are  established  for  discovered  modes  of 
Ifilure. 

3.  RELIABILITY  CONTRACTUAL  REQUIREMENTS 

This  paragraph  contains  the  specific  reliability  requirements 
contained  in  Contract  N62269^76-=C-=0341.  (Section  1-1,  Page  2, 
Task  I) 

3.1  ALR  SYSTEM  REQUIREMENT 

The  reliability  objective  for  the  ALR  System  is  to  have  as  a 
minimum,  a 3.90  reliability  at  the  90%  level  when  installed 
in  the  helicopter. 
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3.2  GENERAL  RELIABILITY  REQUIREMENTS  FOR  ALR  PROGRAM 

The  contractor  shall  design  the  Automated  Life  Raft 
to  meet,  as  a minimum,  the  requirements  for  PDLM  to  PDLM 
service  life  before  removal  for  overhaul  and  a 5 year  service 
life  before  retirement  or  extension.  The  design  shall: 

a.  Include  redundancy  to  provide  failsafe  components 

b.  Consider  fail-operational  capability 

c.  Include  incipient  failure  or  hazard  indicators 

d.  Minimize  the  deleterious  effects  on  component  life 
resulting  from  adverse  environmental  conditions. 

3.2.1  Military  Specifications 

The  contractor  will  comply  with  the  appropriate  military 
specifications  in  the  design,  fabrication  and  testing  of  the 
components  includes  in  the  ALR  Program.  (See  NADC  Contract 
N62269-76-C-0341,  Section  I) 

3.3  RELIABILITY  REQUIREMENTS - SYSTEMS  ENGINEERING 

3.3.1  Reliability  Program  Plan 

The  Reliability  Program  Plan  follows  the  guidelines  of 
MIL-STD  847  and  1304  (AS)  and  is  directed  towards  the  accomplish- 
ment of  the  following  tasks : 

a.  Establish  detailed  reliability  design  criteria. 

b.  Monitor  the  ALR  Tests  and  evaluate  data  obtained 
to  update  criteria  and  objectives. 

c.  Monitor  design  process  to  assure  criteria  compliance. 

3.3.2  Reliability  Reports 

The  contractor  will  report  the  results  of  the  above  reliability 
efforts  on  a quarterly  basis  during  design,  fabrication  and 
testing  of  ALR  components. 

3.3.3  Informal  Program  Review 

The  contractor  will  hold  informal  reliability  engineering 
reviews  between  contractor  and  customer  reliability  personnel 
on  a quarterly  basis  as  a minimum. 
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4.  SYSTEM  RELIABILITY  OBJECTIVES  AND  APPORTIONMENTS 

To  ensure  achievement  of  the  total  ALR  System  objective,  the 
contractor  will  develop  discrete  values  for  malfunction  rates 
and  mission  and  flight  safety  reliability  for  the  ALR  System 
components.  These  values  will  serve  as  internal  design  goals. 
Paragraph  9,  contains  definitions  for  the  reliability  and 
flight  safety  expressions  used  in  the  Program. 

4.1  RELIABILITY  RATIONALE 

ALR  reliability  objectives  will  be  established  using  as  a 
baseline  the  most  comprehensive  malfunction  data  available 
from  H-46  Aircraft. 

5.  ORGANIZATION  AND  RESPONSIBILITIES 

The  organization  established  to  achieve  the  reliability 
objective  is  shown  on  the  following  page.  The  H-46/107  Program  j 
Manager  is  responsible  for  the  integration  of  designs  that 
are  compa table  with  the  objectives  of  the  H-46  Program. 

Within  the  Product  Assurance  Organization  is  the  Reliability 
Engineering  Unit.  These  Reliability  Engineers  are  assigned 
to  the  ALR  Program,  maintaining  unit  continuity  and  drawing 
support  from  the  unit  as  required. 

The  Reliability  Engineering  Unit  has  direct  cognizance  of  the 
Reliability  Program  Plan  (RPP) . They  prepare  the  RPP,  and  j 

on  approval  of  the  RPP,  have  the  direct  responsibility  for 
working,  supporting  and  monitoring  reliability  tasks. 

Organizations  that  provide  support  to  reliability  tasks,  and 
their  prime  areas  of  support,  include: 

a.  Design  Engineering 

1.  Preparation  of  subsystem/assembly  block  diagrams 
and  functions  in  suoDort  of  reliabilitv  analyses. 

! 

2.  Preparation  of  data  packages  (drawings,  schematics, 
design  requirements)  in  support  of  design  reviews. 

3.  Solutions  to  identified  reliability  problems. 
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b.  Technology  Engineering 


1.  Determination  of  the  effect  of  loss  of  function 
of  a subsys ten/component  on  aircraft  operation 
in  support  of  reliability  analyses. 

2.  Solutions  to  identified  reliability  problems, 
c.  Test  Engineering 

1.  Preparation  of  test  plans  and  procedures. 

2.  Data  acquisition  (reporting  of  malfunctions  and 
failures) . 

3.  Identification  of  test  ins trumentation  interfaces 
with  test  subsystem/components  in  support  of 
reliability  analyses. 

5.1  CONTROL  OVER  RELIABILITY  EFFORT 

Control  of  the  Reliability  Engineering  effort  is  exercised  by 
managing  task  accomplishment,  schedule,  and  manpower  expenditure. 
Existing  policies  and  procedures  within  the  management  structure, 
are  used  to  facilitate  problem  resolution  and  dissemination  of 
any  special  controls  required  for  satisfactory  program  imple- 
mentation. 

5.2  SUBCONTRACTOR  CONTROL 

Allocated  ALR  reliability  requirements  are  levied  on  B/V 
suppliers  as  appropriate  to  fulfill  program  objectives.  The 
principal  means  for  executing  these  requirements  is  through 
Boeing  source  control  or  performance  specifications. 

6.  RELIABILITY  PROGRAM  ACTIVITIES 

This  section  describes  the  reliability  tasks  and  methods  for 
accomplishing  the  contractual  requirements  of  Paragraph  3. 

6.1  ANALYSIS  OF  HISTORICAL  EXPERIENCE 

The  initial  task  of  establishing  design  reliability  criteria 
is  accomplished  by  utilizing  experience  gained  from  other 
programs.  Documentation  cf  past  successes,  failures  and 
effective  corrective  actions  is  utilized  to  identify  design 
criteria  that  will  result  in  prevention  of  component/subsystem 
failures,  maintenance  problems  and  aborts/delays  due  to 
critical  failure  modes. 
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Corrective  techniques  employed  include  use  of  high  reliability 
parts,  derating,  environmental  protection  and  the  selected 
use  of  redundancy.  Specific  criteria  are  developed  to  establish 
the  effects  of  storage,  shelf  life,  packaging,  transportation, 
handling  and  maintenance  on  equipment  failure  rates. 

These  experience-generated  criteria  are  applied  during  design 
to  ensure  their  full  influence  on  design  decisions,  trade 
studies  and  design  reviews. 

6.2  DEFINITION  OF  SUCCESS /FA I LURE  CRITERIA 

The  design  project,  supported  by  the  Reliability  Engineering 
Unit,  has  established  preliminary  definitions  of  abort,  delay 
and  subsystem  failure.  Since  performance  requirements  are 
used  as  the  definition  of  successful  operation,  deviation  from 
required  limits  is  not  construed  to  constitute  a failure  in 
those  cases  where  functional  performance  is  not  lost. 

6.3  RELIABILITY  ANALYSIS 

The  ‘analytical  methods  used  to  determine  allocations  are  per 
MIL-STD  1304 (AS).  Functional  diagrams  and  failure  mode,  effect, 
and  criticality  analyses  are  used  to  provide  the  basis  for 
allocation  and  analysis.  The  failure  mode  and  effects  analysis 
is  performed  jointly  by  the  design  engineer  and  the  reliability 
engineer.  Allocations  for  aborts  and  delays  are  made.  Rates 
for  malfunctions  requiring  unscheduled  maintenance  are  also 
allocated. 

6.4  TRADE  STUDIES 

The  design  reliability  criteria  described  previously  are  applied 
as  primary  design  constraints.  Trade  studies  and  evaluations 
of  configurations  are  conducted  by  design  engineering,  supported  ! 
by  reliability  engineers  to  assess  the  degree  of  conformity  ! 

with  reliability,  objectives.  Analyses  of  the  effects  of  failures  \ 
on  operational  and  maintenance  costs  are  one  of  the  prime  factors 
of  evaluation. 

6.5  FAILURE  MODE  AND  EFFECT  ANALYSIS  (FMEA) 

Analysis  of  appropriate  subsystem,  component,  and  part  failure 
modes  is  performed  to  identify  foreseeable  failure  or  hazard 
occurrancss  and  direct  attention  to  corrective  actions.  Design 
Engineering  identifies  foreseeable  types  and  modes  of  system 
malfunction,  resulting  effects,  and  hazards  resulting  therefrom. 
Inter-sy3tem  failure  modes  and  effects  are  then  evaluated  by  ! 

the  Reliability  Unit.  Probability  of  occurrance  is  predicted 
and  failure  modes  classified  to  establish  the  effect  on  system 
performance  and  safety  in  accordance  with  MIL-STD-802. 


rO*«M  4S.#4  44. 


SHEET  14 


THt  jsr^sy/yji 


COMPANY 


NUMBER  D210-11132-1 
REV  LTR 


Failure  mode  and  effect  analyses  are  performed  per  SAE-ARP-926, 
Paragraph  2.  prior  to  construction  of  test  components.  Appendix  A 
contains  the  format  of  a failure  mode  and  effect  analysis. 
Procurement  specifications,  where  appropriate,  shall  require 
suppliers  to  perform  and  submit  for  Boeing  approval,  similar 
FMEAs. 

6.6  COMPONENT/SUBSYSTEM  COMPATABI LITY 

Highly  reliable  individual  parts  can  be  incompatible  when  inte- 
grated as  functioning  components  and  subsystems.  To  ensure 
compatibility.  Design  Engineering  groups  analyze  interface 
effects  and  interactions  of  performance  variables,  tolerances 
between  major  parts,  components,  and  subsystems,  and  assess 
the  effect  of  environments  induced  on  one  subsystem  by  another. 
Protective  devices  are  provided,  tolerances  changed,  or  equipment  ! 
relocated  to  correct  incompatibilities.  A compatibility  analysis  i 
is  conducted  prior  to  the  preliminary  design  review  and  this 
analysis  is  expended  as  the  design  progresses  to  include  evalua- 
tion of  tolerance  and  drift  conditions. 

6.7  INSTALLATION  ANALYSIS 

Installation  requirements  for  parts,  components,  and  subsystems 
are  analyzed  by  Design  and  Reliability  Engineering  to  establish 
internal  operating  environments  and  verify  design  operating 
capability.  External  interaction  between  adjacent  equipment  is 
analyzed  and  designs  changed  as  necessary  to  provide  compati- 
bility. Equipment  location  and  mounting  is  analyzed  to  verify 
that  environmental  limits  are  not  exceeded. 

6.8  DESIGN  REVIEWS 

Informal  design  reviews  are  conducted  on  the  ALR  Program  and 
its  specific  subsystems  and  equipment  at  strategic  points  in 
the  design  process.  Design  compliance  with  reliability  criteria  ! 
is  monitored  at  each  review  and  recommendations  provided. 

Selected  supplier  designs  are  subject  to  design  review  by 
Boeing  Engineering  and  Quality  Control  personnel. 

Reliability  support  provided  at  Design  Reviews  includes  such 
factors  as: 

a.  Current  reliability  estimates  and  predictions. 

b.  Potential  identified  problem  areas  and  corrective 
action  planning. 

c.  Identification  of  critical  items  and  appropriate  special 
controls . 

d.  Specification  compliance  demonstration  by  analysis. 


i 


OMM  46.'  14  12  061 


SHEET  15 


COMPANY 


NUMBER  D210-11132-1 
REV  LTR 


e.  Review  of  reliability  action  item  status. 

7.  RELIABILITY  DATA  DOCUMENTATION 

7.1  DATA  SUBMITTAL 

Reports  will  be  prepared  in  accordance  with  NADC  Contract 
N62269-76-C-0341.  Significant  milestones,  task  accomplishments, 
problem  areas,  prediction,  and  test  reporting  data  will  be 
included  for  the  tasks  outlined  in  the  program  plan  that  are 
pertinent  to  the  reporting  period  covered. 

7.2  DATA  COLLECTION 

During  development  testing,  Boeing  will  establish  and  maintain  a 
Reliability  Reporting  and  Corrective  Action  Program  to  collect, 
process  and  analyze  failure  data;  to  analyze  selected  failed 
assemblies;  and  to  prevent  failure  recurrence.  This  program 
will  be  conducted  utilizing  current  established  procedures  and 
techniques.  Equipment  Reliability  logs  and  summary  sheets 
for  maintaining  individual  records  are  shown  in  Appendix  B and  C 

Special  reporting,  performance  monitoring,  and  failure  classi- 
fication instructions  will  be  issued  to  support  the  test  and 
evaluation  program.  Subcontractor  failure  analysis  support 
will  be  required  whenever  appropriate. 

8.  RELIABILITY  DEFINITIONS 

FAILURE  - The  inability  of  an  item  to  perform  its  required 
functions  within  previously  specified  limits. 

MALFUNCTION  - A component  condition  requiring  corrective  action, 
the  occurrence  of  which  does  not  necessarily  imply 
complete  functional  failure  of  the  component  or  its 
related  subsystem  system. 

MISSION  RELIABILITY  - The  probability  that  an  aircraft  declared 
ready  shall  perform  its  mission  of  specified  length 
and  profile,  under  environmental  conditions  not 
exceeding  design  specifications,  without  incurring 
a mission  affecting  malfunction. 

MISSION  AFFECTING  MALFUNCTION  - Any  functional  failure  or  com- 
bination of  functional  failures  which  so  degrade  the 
performance  or  capability  of  the  aircraft  that  a take- 
off is  delayed  (more  than  15  minutes)  or  cancelled, 
or  a flight  is  aborted  because  established  mission 
success  criteria  have  not  been  met. 
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FLIGHT  SAFETY  RELIABILITY  - Any  material  failure  or  malfunctions, 
or  combinations  thereof,  that  could  result  in  a major 
accident  because  established  flight  safety  criteria 
have  not  been  met. 

9.  AUTOMATED  LIFE  RAFT  RELIABILITY  RATIONALE 

This  system  is  unique  in  that  all  of  the  reliability  goals, 
objectives  and  requirements  are  met  if  the  system  is  installed 
on  the  H-46  Helicopter,  is  functional,  and  is  never  used  through- 
out the  operational  flight  cycle  of  the  helicopter. 

If  the  system  is  always  operational,  causes  no  mission  aborts 
and  is  never  used  then  it  has  performed  as  designed.  The  ALR 
reliability  may  be  measured  in  MMH/FH.  It  may  be  measured  in 
calendar  months.  in  this  RPP  it  is  intended  that  PDLM  periods 
(time  accumulated  by  the  helicopter  between  obligatory  returns 
to  0 & R facilities)  will  be  the  reliability  yardstick.  (Calendar 
months ) 

The  system  is  also  unique  in  that  the  most  hazardous  instances 
may  occur  should  the  system  function  inadvertently  during 
flight.  This  situation  could  be  more  hazardous  to  flight  than 
having  no  automated  life  rafts  installed.  Reliability  Engineering 
activities  are  particularly  emphasized  throughout  the  design 
and  test  (progress)  stages  of  ALR  development  to  control  such 
a situation  and  provide  reliable  safeguards  should  any  system 
or  subsystem  malfunction  occur. 
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APPENDIX  B 

INDIVIDUAL  FAILURE  ANALYSIS 
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